maestro-review
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes several shell commands to facilitate the review process, including
git diff,git add,git commit, and a suite of configurable verification commands such as{test_command},{lint_command}, and{typecheck_command}. It also utilizes an externalbrCLI tool to retrieve track metadata and commit SHAs. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it processes and analyzes data from external, potentially untrusted files.
- Ingestion points: The agent reads implementation requirements from
spec.md, task plans fromplan.md, and arbitrary source code changes viagit diff. - Boundary markers: The instructions do not define boundary markers or 'ignore' directives to prevent the agent from following instructions that might be embedded within the files being reviewed.
- Capability inventory: The skill has the permission to execute shell commands (test/lint) and modify the repository state through the 'Auto-fix' protocol, which includes automatic commits.
- Sanitization: There is no evidence of sanitization, escaping, or validation of the content retrieved from the track files or the git history before it is interpolated into the agent's analysis context.
Audit Metadata